uClinux - PIC (Position Independent Code), XIP (eXecute In Place)
By Paul Dale
pauli@snapgear.com
Improvements to the PIC (Position Independent Code) handling within the SecureEdge platform now takes advantage of the advanced XIP (eXecute In Place) functionality to increase the payload within the SecureEdge family's Flash. A previous technical bulletin has discussed some of the drastic memory improvements that have been possible with uClinux running on the SecureEdge platform. These improvements have focused on the memory management for dynamically allocated data but nothing has been done to address code sizes. SnapGear engineers have turned their gaze to ways in which more can be packed in less space. The "standard" SecureEdge VPN Router is often configured as containing 1Mb of Flash memory and 4Mb of RAM. Although units in the family can scale up to 32Mb of Flash and over 64Mb of RAM it has long been a key advantage that SecureEdge products are cheaper and faster than competing products - the secret has been in keeping unit costs down and the design elegant but practical. OEM partners are always looking for ways in which complete application suites can be shipped in smaller memory footprints. With all SecureEdge family units being field upgradeable with fail-safe boot ROM it is another advantage to OEM customers to know that the field life of a product can be extended with additional functionality possible over time rather than code "bloat" actually reducing the lifespan (a common problem with desktop computers!).
A SecureEdge VPN Router boots from a compressed image in Flash which is then expanded into RAM. This method gives the greatest advantage because high compression ratios allow significant additional storage of code while once executing the dynamic memory requirements of most applications is relatively small in comparison. So the boot phase (taking approximately one second) will decompress the image and set up text, data, bss, and stack for each executable in the normal Linux context. However, each application required all elements to be separate, limiting for example the PoPTop daemon to only about four simultaneous sessions + kernel & TCP/IP within 4Mb RAM. Strictly speaking, XIP has always been present but uClinux had a 32Kb code/data limit. SnapGear engineers made improvements to gcc to resolve these limitations and produce the first fully-featured implmentation. The table below illustrates the improvements:
| (Kb) | Old | New | Delta | Improvement |
|---|
| Straight ROM image | 1256448 | 1031168 | 225280 | 18% |
|---|
| Compressed Flash image | 782000 | 641143 | 140857 | 18% |
|---|
| Total Memory | 2260 | 2480 | 220 | 10% |
|---|
| Free Memory | 1684 | 1956 | 272 | 16% |
|---|
Overall there was up to 10% code size shrink - now only minimal relocation records required, apart from initialised data. The specific gains for particular applications are where these advances really shine, for example the daemon pppd now runs in 60-70Kb of memory rather than 170Kb. And with PPTP it is now possible to run 25 - 30 sessions rather than just 4. With the IPSec VPN code it is now possible to run several hundred simultaneous sessions in an appliance that sits on the palm of your hand. Functionality that has previously only been found in expensive rack-mounted appliances costing 3 to 4 times the build price of a SecureEdge VPN Router.
Further information on SnapGear VPN Routers
Further information on SecureEdge Development Platforms
Further Technical Bulletins
| 
